Systems Security Certified Practitioner

SSCP

The Systems Security Certified Practitioner (SSCP) exam is an intermediate-level certification that focuses on the practical application of security concepts and best practices.

Focus

The Systems Security Certified Practitioner certification focuses on Operational Security (OpSec) and an understanding of the role of the security practitioner in identifying, mitigating, and responding to security risks.

Exam Duration

The Systems Security Certified Practitioner exam duration is 3 hours

Num of Question

The exam contains a total of 125

Exam Fee

The exam fee is $300-$400.

Exam Validity

The CCRN-Pediatric certification is valid for 3 years.

Prior Certification

• CompTIA Security+ or equivalent

Exam Format

The Systems Security Certified Practitioner exam is a Multiple Choice, Multi-Select, and Fill-in-the-Blank questions

Passing Conditions

To pass Systems Security Certified Practitioner exam, applicants must achieve a minimum score of Pass the exam with at least 750/900 points

Who Should Take

The SSCP certification is designed for security practitioners who have at least one year of direct security work experience, including those in the roles of

• Information Security Analyst
• Security Consultant
• Security Manager
• Compliance Manager

Prerequisites

One year of direct security work experience

Or can substitute with certifications:

• Active military service in cyber security roles may be considered
• Government-approved security certifications and professional experience may be considered

Certification Process

• Step 1: Meet the eligibility requirements
• Step 2: Register for the exam through an authorized ISC testing center
• Step 3: Prepare for the exam by studying for the content and format
• Step 4: Pass the SSCP exam with a minimum score of 750/900 points

Domains with Weights

• Access Control and Identity Management (16%): This domain focuses on implementing policies and procedures to manage identities and access to systems and resources, including implementing, maintaining, and monitoring these systems.
• Asset Security (14%): This domain focuses on identifying and managing risk, implementing asset security requirements, and ensuring compliance with regulations and standards.
• Business Continuity and Disaster Recovery (12%): This domain focuses on developing business continuity and disaster recovery plans to ensure that an organization can maintain operations in the event of a disaster or business disruption.
• Cryptology (8%): This domain focuses on implementing encryption, decryption, digital signatures, and other cryptography techniques to maintain data confidentiality and integrity.
• Malicious Code (9%): This domain focuses on identifying, mitigating, and responding to malware and other types of malicious code.
• Network Security (15%): This domain focuses on implementing network security measures to protect systems and data, including implementing network security policies and procedures.
• Risk Management and Vendor Management (13%): This domain focuses on identifying, mitigating, and responding to threats, as well as managing relationships with vendors to ensure that they are implementing secure practices.
• Security Operations and Monitoring (9%): This domain focuses on monitoring and reviewing logs, implementing incident management and response procedures, and ensuring compliance with regulations and standards.
• Software and System Development Security (6%): This domain focuses on developing secure software and systems, including implementing secure coding practices, designing secure systems, and testing for vulnerabilities.
• Telecommunications and Network Security (7%): This domain focuses on implementing secure telecommunications and network security measures, including ensuring the confidentiality, integrity, and availability of data.